IS audit results

- [Instructor] All right, so now let's talk…a little bit about IS audit results.…So now that you've got all the evidence,…what do you do with it?…Well, it's time to take the results of those tests…and the analysis that you've performed and all that output…and generate some kind of findings.…At the end of the day,…you're going to interpret these results…and come to some conclusions.…These are the broader, larger conclusions.…I mean results are just the output of the tests…and the collection of evidence and some interpretation.…

But what does all that mean?…What do these results tell us…about the overall organization?…And what can it lead us to infer?…Does this, for example, mean that we're led to believe…that we have a security awareness problem, for example?…Those are the kind of things that you want to be able to…generate as findings.…Now, we compare those results to existing baselines…or some kind of previous audit results…so that we can hopefully identify some kind of trend.…Look, we're getting better.…

Or no management or no audit board,…

Resume Transcript Auto-Scroll

Author

Released

9/1/2017

Earning a CISA certification validates your ability to audit, control, and monitor information systems. The CISA Cert Prep series prepares you to tackle this exam by going into each of the topics it covers, helping you acquire the skills you need to confidently manage IT security audits. In this course—the first in the series—take a deep dive into the concepts covered in the Process of Auditing Information Systems domain. Learn how to organize and plan an audit, put controls in place, and use a repeatable audit process to ensure that your results are meaningful and your audit is complete. Plus, learn about communicating results with an audit outbrief, embedding the audit function into operations, and how continuous auditing can help you identify and fix problems more effectively.

Note: This series was created by Human Element, Michael Lester, Jordan Genung, and Steve Bennett.